package net.pws.common.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.pws.common.persistence.EntityManager;
import net.pws.common.security.SecurityContext;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;


public class CheckAccessPermissionProcessor extends AbstractAuthenticateFilter {
    
    private static final Log logger = LogFactory.getLog(CheckAccessPermissionProcessor.class);
    
    private String systemUrl = "/biz/system";
    
    private EntityManager entityManager;
    
    public CheckAccessPermissionProcessor() {
        super();
    }
    
    public CheckAccessPermissionProcessor(EntityManager entityManager) {
        super();
        this.entityManager = entityManager;
    }
    
    public String getSystemUrl() {
        return systemUrl;
    }
    
    public void setSystemUrl(String systemUrl) {
        this.systemUrl = systemUrl;
    }
    
    public EntityManager getEntityManager() {
        return entityManager;
    }
    
    public void setEntityManager(EntityManager entityManager) {
        this.entityManager = entityManager;
    }
    
    public void doFilter(ServletRequest request,
                         ServletResponse response,
                         FilterChain chain) throws IOException,
                                           ServletException {
        
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRexquest");
        }
        
        if (!(response instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
        
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        
        if (!required(httpRequest, httpResponse)) {
            chain.doFilter(request, response);
        }
        
        String uri = httpRequest.getRequestURI();
        if (uri.startsWith(systemUrl)) {
            if (!SecurityContext.getContext().hasPrivileged()) {
                //TODO add logic to handle the mobile user
                sendRedirect(httpRequest, httpResponse, getNoPermissionPage());
                return;
            }
        }
        // TODO add page access permission check logic
        chain.doFilter(request, response);
    }
    
    protected boolean required(HttpServletRequest request,
                               HttpServletResponse response) {
        String uri = request.getRequestURI();
        if (uri.startsWith(systemUrl)) {
            return true;
        }
        
        int pathParamIndex = uri.indexOf('?');
        
        if (pathParamIndex > 0) {
            // strip everything after the first semi-colon
            uri = uri.substring(0, pathParamIndex);
        }
        
        return (uri.endsWith(".do") || uri.endsWith(".json"));
    }
    // protected boolean hasPermission(String userId, String url) {
    // entityManager.findUnique("select count() from Permission p where p",
    // parameters)
    // }
    
}
